1   package org.argeo.osgi.useradmin;
2   
3   import javax.naming.InvalidNameException;
4   import javax.naming.ldap.LdapName;
5   
6   import org.argeo.naming.LdapAttrs;
7   
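/**
 * FreeIPA-specific conventions for deriving LDAP base DNs, user directory
 * configuration paths and entry DNs from DNS domains and Kerberos names.
 */
public class IpaUtils {
	/** Container of user entries, relative to the base DN. */
	public static final String IPA_USER_BASE = "cn=users,cn=accounts";
	/** Container of group entries, relative to the base DN. */
	public static final String IPA_GROUP_BASE = "cn=groups,cn=accounts";
	/** Container of service entries, relative to the base DN. */
	public static final String IPA_SERVICE_BASE = "cn=services,cn=accounts";

	// Locale.ROOT keeps the attribute name stable whatever the JVM default
	// locale is (a Turkish default locale would otherwise lower-case 'I' to a
	// dotless 'i' and produce an unknown attribute name).
	private static final String KRB_PRINCIPAL_NAME = LdapAttrs.krbPrincipalName.name()
			.toLowerCase(java.util.Locale.ROOT);

	/** Query part shared by all IPA user directory configurations (read-only). */
	public static final String IPA_USER_DIRECTORY_CONFIG = UserAdminConf.userBase + "=" + IPA_USER_BASE + "&"
			+ UserAdminConf.groupBase + "=" + IPA_GROUP_BASE + "&" + UserAdminConf.readOnly + "=true";

	/**
	 * Builds the user directory configuration path for a realm: the base DN
	 * derived from the realm, followed by the IPA query parameters and the realm
	 * itself.
	 *
	 * @param realm the realm, also used as the DNS domain for the base DN
	 * @return the configuration path
	 */
	static String domainToUserDirectoryConfigPath(String realm) {
		// NOTE(review): realm is appended to the query part as-is. If it can come
		// from an untrusted source, a value containing '&' or '=' could add or
		// shadow parameters (readOnly, for instance), depending on how the path
		// is parsed, which is not visible here. Confirm callers pass a vetted realm.
		return domainToBaseDn(realm) + "?" + IPA_USER_DIRECTORY_CONFIG + "&" + UserAdminConf.realm.name() + "=" + realm;
	}

	/**
	 * Converts a DNS domain to a base DN made of one {@code dc} component per
	 * label, lower-cased (for example {@code Example.COM} gives
	 * {@code dc=example,dc=com}).
	 *
	 * @param domain the dot-separated domain
	 * @return the base DN as a string
	 */
	public static String domainToBaseDn(String domain) {
		String[] dcs = domain.split("\\.");
		StringBuilder sb = new StringBuilder();
		for (int i = 0; i < dcs.length; i++) {
			if (i != 0)
				sb.append(',');
			// Lower-case independently of the default locale, then escape so that a
			// label containing DN metacharacters stays a single attribute value.
			String dc = dcs[i].toLowerCase(java.util.Locale.ROOT);
			sb.append(LdapAttrs.dc.name()).append('=').append(escapeRdnValue(dc));
		}
		return sb.toString();
	}

	/**
	 * Maps a Kerberos name of the form {@code name@REALM} to the DN of the
	 * corresponding IPA entry. A name without {@code '/'} is mapped to a user
	 * entry identified by its uid; a name containing {@code '/'} is mapped to a
	 * service entry identified by the complete Kerberos name.
	 *
	 * @param kerberosName the Kerberos name, including the realm
	 * @return the DN of the entry
	 * @throws IllegalArgumentException if the name has no realm, has an empty
	 *                                  name or realm part, or does not yield a
	 *                                  valid DN
	 */
	public static LdapName kerberosToDn(String kerberosName) {
		String[] kname = kerberosName.split("@");
		// Without this check a name lacking '@' failed with an
		// ArrayIndexOutOfBoundsException instead of a meaningful error.
		if (kname.length < 2 || kname[0].isEmpty() || kname[1].isEmpty())
			throw new IllegalArgumentException("Badly formatted Kerberos name: " + kerberosName);
		String username = kname[0];
		String baseDn = domainToBaseDn(kname[1]);
		// The name parts are caller-supplied: escape them so that characters such
		// as ',', '=' or '+' cannot add RDNs or relocate the entry to another
		// branch of the directory.
		String dn;
		if (!username.contains("/"))
			dn = LdapAttrs.uid + "=" + escapeRdnValue(username) + "," + IPA_USER_BASE + "," + baseDn;
		else
			dn = KRB_PRINCIPAL_NAME + "=" + escapeRdnValue(kerberosName) + "," + IPA_SERVICE_BASE + "," + baseDn;
		try {
			return new LdapName(dn);
		} catch (InvalidNameException e) {
			// Keep the cause so the parsing failure remains visible to the caller.
			throw new IllegalArgumentException("Badly formatted name for " + kerberosName + ": " + dn, e);
		}
	}

	/** Escapes a string for use as an attribute value within a DN. */
	private static String escapeRdnValue(String value) {
		// Fully qualified so that no new import is needed in this file.
		return javax.naming.ldap.Rdn.escapeValue(value);
	}

	/** Utility class, not meant to be instantiated. */
	private IpaUtils() {

	}
}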